diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-06-15 03:53:21 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:41 -0500 |
commit | 5b044b30ca6a9595b88b676e9ab282555bf29b84 (patch) | |
tree | e4b11370259e90894adb45dc88ba52ebdd73c93b /source4/torture | |
parent | daa6a28c04459a7477714ee3cd7b336079b21537 (diff) | |
download | samba-5b044b30ca6a9595b88b676e9ab282555bf29b84.tar.gz samba-5b044b30ca6a9595b88b676e9ab282555bf29b84.tar.bz2 samba-5b044b30ca6a9595b88b676e9ab282555bf29b84.zip |
r1150: - fixed interactive sam logon in the rpc server
- added a torture test for interactive login in smbtorture
These changes allow winxp to perform an interactive login (a login on
the winxp console) against a Samba4 DC. Our netlogon server code is
still filling in many of the fields incorrectly, but it fills in
enough that winxp can login.
(This used to be commit db9ea488b047b5f0f7538fd75fb7dde8277eb06b)
Diffstat (limited to 'source4/torture')
-rw-r--r-- | source4/torture/rpc/netlogon.c | 81 |
1 files changed, 70 insertions, 11 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index c334651d46..a7012922dc 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -284,7 +284,6 @@ struct samlogon_state { Authenticate a user with a challenge/response, checking session key and valid authentication types */ - static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, enum ntlm_break break_which, DATA_BLOB *chall, @@ -1522,6 +1521,65 @@ static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem } +/* + test an ADS style interactive domain login +*/ +static BOOL test_InteractiveLogin(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct creds_CredentialState *creds) +{ + NTSTATUS status; + struct netr_LogonSamLogonWithFlags r; + struct netr_Authenticator a, ra; + struct netr_PasswordInfo pinfo; + const char *plain_pass; + + ZERO_STRUCT(r); + ZERO_STRUCT(ra); + + creds_client_authenticator(creds, &a); + + r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + r.in.workstation = TEST_MACHINE_NAME; + r.in.credential = &a; + r.in.return_authenticator = &ra; + r.in.logon_level = 5; + r.in.logon.password = &pinfo; + r.in.validation_level = 6; + r.in.flags = 0; + + pinfo.identity_info.domain_name.string = lp_workgroup(); + pinfo.identity_info.parameter_control = 0; + pinfo.identity_info.logon_id_low = 0; + pinfo.identity_info.logon_id_high = 0; + pinfo.identity_info.account_name.string = lp_parm_string(-1, "torture", "username"); + pinfo.identity_info.workstation.string = TEST_MACHINE_NAME; + + plain_pass = lp_parm_string(-1, "torture", "password"); + + E_deshash(plain_pass, pinfo.lmpassword.hash); + E_md4hash(plain_pass, pinfo.ntpassword.hash); + + creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16); + creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16); + + printf("Testing netr_LogonSamLogonWithFlags\n"); + + status = dcerpc_netr_LogonSamLogonWithFlags(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("netr_LogonSamLogonWithFlags - %s\n", nt_errstr(status)); + exit(1); + return False; + } + + if (!creds_client_check(creds, &r.out.return_authenticator->cred)) { + printf("Credential chaining failed\n"); + return False; + } + + return True; +} + + static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) { NTSTATUS status; @@ -1531,7 +1589,7 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) uint32_t i1; struct creds_CredentialState creds; - if (!test_SetupCredentials(p, mem_ctx, &creds)) { + if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, &creds)) { return False; } @@ -1555,29 +1613,30 @@ static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) /* this should really be the fully qualified name */ q1.workstation_domain = TEST_MACHINE_NAME; q1.workstation_site = "Default-First-Site-Name"; - q1.foo2 = "foo"; q1.blob2.length = 0; q1.blob2.size = 0; q1.blob2.data = NULL; q1.product.string = "product string"; - q1.p4 = NULL; - q1.pp = 0x00000000; printf("Testing netr_LogonGetDomainInfo\n"); status = dcerpc_netr_LogonGetDomainInfo(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("netr_LogonGetDomainInfo - %s\n", nt_errstr(status)); + return False; + } if (!creds_client_check(&creds, &a.cred)) { printf("Credential chaining failed\n"); + return False; } - printf("fault code 0x%x status=%s\n", p->last_fault_code, nt_errstr(status)); + test_InteractiveLogin(p, mem_ctx, &creds); return True; } - BOOL torture_rpc_netlogon(int dummy) { NTSTATUS status; @@ -1603,10 +1662,6 @@ BOOL torture_rpc_netlogon(int dummy) return False; } - if (!test_GetDomainInfo(p, mem_ctx)) { - ret = False; - } - if (!test_LogonUasLogon(p, mem_ctx)) { ret = False; } @@ -1623,6 +1678,10 @@ BOOL torture_rpc_netlogon(int dummy) ret = False; } + if (!test_GetDomainInfo(p, mem_ctx)) { + ret = False; + } + if (!test_DatabaseSync(p, mem_ctx)) { ret = False; } |